Over the past few months, a new threat has emerged on the web that puts our security and computer performance at risk.
This technique called “crypto jacking” or “bitcoin mining malware” has recently surfaced because of the crypto-currency boom and was widely reported by the specialized media a few weeks ago.
Unbeknownst to you, crypto jacking software uses your PC and your web browser (to be more precise) to mine digital currencies when you visit a site, using your resources via a dedicated script.
This new form of cyber threat made its debut at the end of September 2017, when the websites of the American company Showtime were reported to the community for launching the execution of a script that, once loaded, began to mine Monero discreetly.
As you probably already know, Monero has conquered a lot of Dark Web enthusiasts lately due to its 100% anonymous and untraceable side!
Nevertheless, as an open-source cryptocurrency focused on decentralization and privacy, Monero is useful for many demographics around the world.
The Monero script that was running on Showtime’s site a few months ago, was written in JavaScript and developed by the company Coinhive, with the aim of allowing companies willing to do so, to use their users’ CPU power to monetize their sites by taking advantage of the incredible explosion of digital currencies in 2017.
With no concrete way to know if your CPU is being used by the site you’re visiting, this has proven to be the perfect platform for hackers to commandeer the resources of our machines to make “crypto-profit”.
Around the same time as the Showtime “affair”, the famous torrent site The Pirate Bay was also caught exploiting the resources of its visitors, also using the famous Coinhive script without the consent of their users and to replace traditional advertising revenue.
This began to raise questions about the potential that such a model could allow, while also highlighting the ethical concerns associated with the lack of user consent.
There is currently no way for users to give or withhold consent to the service.
Pirate Bay has since removed the offending code, but reports indicate that the site may be re-implementing it in a more discreet manner…
A recent security research analysis by AdGuard revealed that mining is being promulgated on the devices of approximately 500 million Internet users without their consent now!
That’s a staggering number, but not surprising. The good news is that there are ways to protect yourself from it.
Here’s a look at some methods you can use to detect and prevent crypto jacking on your devices.
Detecting crypto jacking
Simply open the resource manager on your computer and check if your browser’s CPU usage is abnormally high. Take note if your CPU usage still increases after closing all open browsers.
This could be a malware encryption situation.
If you are on Mac, you will need to go to your Activity Monitor in your software utilities:
On Windows you will find it in your Task Monitor:
Preventing Crypto jacking
There are several ways to prevent Crypto jacking. One of these ways is the use of Chrome extensions, which are small programs that help enhance and modify the functionality of the Chrome web browser.
No Coin is one of the most reliable tools for blocking cryptocurrency mining via browser.
It is open-source and allows you to create whitelists and block any suspicious activity by simply blacklisting a list of domains known to practice such activities.
Similarly, the miner Block extension also works by blocking miners on all the sites you visit.
If you prefer to block JavaScript, use No Script, an extension for Firefox, or Script Safe for Chrome.
Another method to block Crypto jacking is to use ad blockers. The various browser settings allow you to manually block certain domains.
If you are a more advanced user, you can also block domains in your host files (on Mac or Windows), likewise always blocking access to certain sites, including Coinhive (127.0.0.1 coin-hive.com coinhive.com)
Although you can protect yourself now against invasive mining techniques, it is likely that this approach may find widespread support in the coming months/years as webmasters look for more and more ways to reduce advertising while increasing their revenues…
Would you like to get more information about this topic? Contact us today.
